<?php
require_once 'config.php';

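// Login form handler: validates the submitted credentials, records any errors in
// $_SESSION['errors'] and redirects. $pdo is not defined in this file.
// NOTE(review): presumably config.php (required above) creates $pdo and starts the session; confirm.
// NOTE(review): no CSRF token check and no failed-attempt throttling or lockout is visible
// in this file; confirm both are enforced elsewhere, or add them before the query below.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing field or an array-valued one (username[]=x) is treated as empty, so
    // trim() / password_verify() never receive null or an array.
    $rawUsername = $_POST['username'] ?? '';
    $rawPassword = $_POST['password'] ?? '';
    $username = is_string($rawUsername) ? trim($rawUsername) : '';
    $password = is_string($rawPassword) ? $rawPassword : '';

    // Reset the error list for this attempt
    $_SESSION['errors'] = [];

    // Basic validation. Compared against '' rather than empty(), because empty('0')
    // is true and would reject the literal username or password "0".
    if ($username === '' || $password === '') {
        $_SESSION['errors'][] = '用户名和密码不能为空';
    }

    // Look the account up only when the input passed validation
    if (empty($_SESSION['errors'])) {
        try {
            // Parameterised query: the username is never interpolated into the SQL text
            $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
            $stmt->execute([$username]);
            $user = $stmt->fetch();

            // Same message for "no such user" and "wrong password", so the response text
            // does not reveal which usernames exist.
            // NOTE(review): password_verify() is skipped when no row is found, so response
            // time can still differ between known and unknown usernames.
            if (!$user || !password_verify($password, $user['password'])) {
                $_SESSION['errors'][] = '用户名或密码错误';
            }
        } catch (PDOException $e) {
            // Details go to the server log only; the user sees a generic message
            error_log("登录错误: " . $e->getMessage());
            $_SESSION['errors'][] = '系统错误，请稍后再试';
        }
    }

    // Any error: back to the login page
    if (!empty($_SESSION['errors'])) {
        header('Location: login.php');
        exit;
    }

    // Successful login. Issue a fresh session id before storing the identity, so an id
    // that was known before authentication (session fixation) is not carried over.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user_id'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['role'] = $user['role'];

    // Role-based redirect, currently disabled:
    // header('Location: ' . ($user['role'] === 'admin' ? 'admin/' : 'profile.php'));
    header('Location: profile.php');
    exit;
}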

?>
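<?php
// Login form view. show_alerts() is defined outside this file.
// NOTE(review): presumably it renders $_SESSION['errors']; confirm it HTML-escapes what it prints.
// NOTE(review): the form carries no CSRF token field; confirm whether one is expected here.
include 'includes/header.php';
?>
<div class="row justify-content-center mt-5">
    <div class="col-md-6 col-lg-4">
        <div class="card shadow">
            <div class="card-body">
                <h2 class="card-title text-center mb-4">用户登录</h2>
                
                <?php show_alerts(); ?>
                
                <form method="post" novalidate>
                    <div class="mb-3">
                        <label for="username" class="form-label">用户名</label>
                        <?php
                        // Prefill only from a string value: an array-valued field (username[]=x)
                        // would make htmlspecialchars() throw. Flags and charset are explicit so
                        // both quote styles are escaped regardless of the PHP version's defaults.
                        $prefillUsername = is_string($_POST['username'] ?? null)
                            ? htmlspecialchars($_POST['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                            : '';
                        ?>
                        <input type="text" 
                               class="form-control <?= !empty($_SESSION['errors']) ? 'is-invalid' : '' ?>" 
                               id="username" 
                               name="username"
                               value="<?= $prefillUsername ?>"
                               autocomplete="username"
                               required>
                    </div>
                    
                    <div class="mb-3 position-relative">
                        <label for="passwordInput" class="form-label">密码</label>
                        <div class="input-group">
                            <input type="password" 
                                class="form-control" 
                                id="passwordInput"
                                name="password" 
                                placeholder="请输入密码" 
                                autocomplete="current-password"
                                required>
                            <button type="button" 
                                    class="btn btn-outline-secondary toggle-password" >
                                <i class="bi bi-eye"></i> 
                            </button>
                        </div>
                    </div>
                    
                    <div class="d-grid gap-2">
                        <button type="submit" class="btn btn-primary">登录</button>
                        <a href="register.php" class="btn btn-link">注册新账户</a>
                    </div>
                    <!-- Added below the login form -->
                    <div class="text-center mt-3">
                        <a href="forgot_password.php" class="text-decoration-none">忘记密码？</a>
                    </div>
                </form>
            </div>
        </div>
    </div>
</div>
<?php include 'includes/footer.php'; ?>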